PingOne Advanced Identity Cloud

Register an authenticator app

Whether you use the PingID mobile app, the ForgeRock Authenticator app, or a different authenticator app, you must register that app in Advanced Identity Cloud to use it as an additional factor when logging in.

Generally, authenticator apps support registration of multiple accounts and multiple different authentication methods in each account, such as push notifications and OTPs.

Learn more about registering your authenticator app for OATH authentication (HOTP and TOTP) and push authentication.

Find information on registering Web Authentication (WebAuthn) devices with Advanced Identity Cloud in WebAuthn authentication.

You must register your authenticator app with Advanced Identity Cloud once per authentication method. For example, if one journey uses push notifications and another uses OTPs, you must register the app separately for each authentication method.

Your authenticator app must access the internet to register for push notifications. You don’t need a connection to the internet to register for OTP authentication.

  1. When accessing a protected resource that requires MFA, Advanced Identity Cloud prompts you to register a device and displays a QR code screen, for example:

    QR code to register your device

    • If you’re logging in on the device and can’t scan the screen, click the On a mobile device? link to launch the app and register the device, bypassing the QR code.

    • If you’re logging in on a computer, start your authenticator app and click its plus icon () to register the device.

      The screen on the device changes to an interface similar to your camera app.

      Scan the QR code with your authenticator app.

    The app displays the account you registered in the list of accounts.

  2. After registering your device, you MUST make a copy of the recovery codes for the account. For example:

    Recovery codes screen

    Store the recovery codes separately from your device. The recovery codes will never be displayed again. They serve as one-time verification codes to log in if your registered device is lost, stolen, or broken.

    When you’ve safely stored the recovery codes for your newly registered push device, click Done.

  3. If prompted, respond to the push notification or enter an OTP from the app.

Your device is now registered. You can use it to perform MFA.